Jefferson Parish public school experienced a data breach. The data breach exposed 86 Jefferson Parish public school students’ confidential student portal log information to more than 40,000 families. It was caused by a problem with a vendor.

Metairie Park Country Day School (MPCDS) suffered a ransomware attack via its third-party vendor, Blackbaud, between February 7, 2020, and May 20, 2020. The incident exposed sensitive personal data of approximately 2,920 individuals, including two Maine residents whose names and taxpayer identification numbers (TINs) were potentially compromised. The breach was disclosed to affected parties via written notice on November 18, 2020. The attack targeted Blackbaud’s systems, which stored MPCDS’s donor, alumni, and student records. While the school relied on Blackbaud’s services, the ransomware encryption led to unauthorized access to confidential information. Although Blackbaud claimed to have contained the attack and paid the ransom to prevent further data leakage, the exposure of taxpayer IDs—a critical identifier for financial and identity fraud—posed significant risks. The delayed notification (over six months after discovery) further exacerbated concerns over transparency and mitigation efforts. The incident highlights vulnerabilities in third-party vendor security, particularly in educational institutions handling sensitive financial and personal data. The compromised taxpayer identification numbers could enable identity theft, fraudulent tax filings, or financial scams, making this a high-stakes data breach with long-term repercussions for affected individuals.